Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Windows Logon' = '%WINDIR%\winlogon1.exe'
- '%WINDIR%\winlogon1.exe'
- '%WINDIR%\winlogon1.exe' (загружен из сети Интернет)
- <SYSTEM32>\yacscom.dll
- %WINDIR%\winlogon1.exe
- %WINDIR%\pchealth\helpctr\binaries\msconfig.exe
- 'gh###warez.com':80
- 'localhost':1037
- gh###warez.com/yacscom.dll
- gh###warez.com/winlogon.exe
- DNS ASK gh###warez.com